How to Trick Your AI TA: A Systematic Study of Academic Jailbreaking in LLM Code Evaluation

TL;DR

This study systematically investigates the vulnerability of LLM-based academic code evaluators to adversarial attacks, introduces a large dataset of poisoned submissions, and proposes metrics to assess the impact of jailbreaking strategies, highlighting significant model weaknesses.

Contribution

It introduces a comprehensive set of academic jailbreaking strategies, a large adversarial dataset, and evaluation metrics, advancing understanding of LLM vulnerabilities in academic code evaluation.

Findings

LLMs are highly vulnerable to jailbreaking attacks, with success rates up to 97%.

Persuasive and role-play attacks are particularly effective.

The dataset and benchmarks enable future research on robust LLM evaluators.

Abstract

The use of Large Language Models (LLMs) as automatic judges for code evaluation is becoming increasingly prevalent in academic environments. But their reliability can be compromised by students who may employ adversarial prompting strategies in order to induce misgrading and secure undeserved academic advantages. In this paper, we present the first large-scale study of jailbreaking LLM-based automated code evaluators in academic context. Our contributions are: (i) We systematically adapt 20+ jailbreaking strategies for jailbreaking AI code evaluators in the academic context, defining a new class of attacks termed academic jailbreaking. (ii) We release a poisoned dataset of 25K adversarial student submissions, specifically designed for the academic code-evaluation setting, sourced from diverse real-world coursework and paired with rubrics and human-graded references, and (iii) In order to capture the multidimensional impact of academic jailbreaking, we systematically adapt and define three jailbreaking metrics (Jailbreak Success Rate, Score Inflation, and Harmfulness). (iv) We comprehensively evalulate the academic jailbreaking attacks using six LLMs. We find that these models exhibit significant vulnerability, particularly to persuasive and role-play-based attacks (up to 97% JSR). Our adversarial dataset and benchmark suite lay the groundwork for next-generation robust LLM-based evaluators in academic code assessment.